PT-2018-10724 · Dialogic · Dialogic Powermedia Xms

Published

2018-07-03

Updated

2018-09-07

CVE-2018-11640

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5 SU2

Description The issue allows remote attackers to read arbitrary files or cause a denial of service due to resource consumption. This is related to an XML External Entity (XXE) vulnerability in the web service.

Recommendations For versions prior to 3.5 SU2, update to version 3.5 SU2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web service to minimize the risk of exploitation.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-11640

Affected Products

Dialogic Powermedia Xms

PT-2018-10724 · Dialogic · Dialogic Powermedia Xms

CVE-2018-11640

Weakness Enumeration

Related Identifiers

Affected Products

References · 3